[Samba] net ads and wbinfo are painfully slow -- but they work

Rowland Penny rpenny at samba.org
Tue Jan 31 17:22:22 UTC 2017


On Tue, 31 Jan 2017 08:59:02 -0800
Chris Stankevitz via samba <samba at lists.samba.org> wrote:

> I just created a windows domain. It is essentially empty except for a
> couple of users and a group policy related to windows update.  I then
> configured samba to connect using ads.
> 
> net ads join took > 5 minutes - but worked fine
> 
> net ads testjoin takes ~5 minutes - shows a good join
> 
> wbinfo -u takes ~5 minutes and shows the users
> 
> During the long wbinfo pause, the log shows:  "Starting GENSEC sub
> mechanism gse-krb5"
> 
> I'm using samba 4.2.14 on FreeBSD 10.3.  Configuration files printed
> below and came from the samba wiki [1]. The network is not connected
> to the internet.
> 
> Can you tell me what is wrong?
> 
> Thank you,
> 
> Chris
> 
> [1]
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
> 
> root at nickel:~ # smbd --version
> Version 4.2.14
> 
> root at nickel:~ # cat /etc/krb5.conf
> [libdefaults]
>         default_realm = MYDOMAIN.LOCAL
>         dns_lookup_realm = false
>         dns_lookup_kdc = true
> 
> root at nickel:~ # cat /usr/local/etc/smb4.conf
> [global]
>   security = ADS
>   workgroup = MYDOMAIN
>   realm = MYDOMAIN.LOCAL
>   disable netbios = yes
>   idmap config * : backend = tdb
>   idmap config * : range = 3000-19999

I know you say that you followed the wiki and I can see that the above
two 'idmap config' lines were copied from the wiki, but did you miss or
not understand the info directly below where the two lines came from?
What I am trying to get at, is it obvious that you need to click on one
of the links?

I would also expect to see at least something like this:

    idmap config SAMDOM : backend = rid
    idmap config SAMDOM : range = 10000-999999

Rowland
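
The check discussed in the reply above, as an added example that is not part of the original message or of Samba itself: a small Python script that reads the `[global]` section of an smb.conf and reports a missing per-domain `idmap config` entry or overlapping ID ranges. The sample input is constructed from the configuration quoted in the thread, and the domain name is assumed to be the `workgroup` value.

```python
import re

# Constructed sample: the [global] section quoted in the thread (abbreviated).
SAMPLE_CONF = """\
[global]
  security = ADS
  workgroup = MYDOMAIN
  realm = MYDOMAIN.LOCAL
  idmap config * : backend = tdb
  idmap config * : range = 3000-19999
"""
IDMAP_KEY = re.compile(r"^idmap config\s+(\S+)\s*:\s*(\w+)$", re.I)

def parse_global(text):
    """Return (params, idmap) parsed from the [global] section."""
    params, idmap, section = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            m = IDMAP_KEY.match(key)
            if m:  # group 1: domain name or "*", group 2: backend/range
                idmap.setdefault(m.group(1).upper(), {})[m.group(2).lower()] = value
            else:
                params[key.lower()] = value
    return params, idmap

def check_idmap(text):
    """Return a list of problems in a domain member's idmap settings."""
    params, idmap = parse_global(text)
    domain = params.get("workgroup", "").upper()  # assumption: workgroup == domain
    problems = []
    if domain and domain not in idmap:
        problems.append(f"no 'idmap config {domain}' entry")
    spans = []
    for name, opts in idmap.items():
        if "backend" not in opts or "range" not in opts:
            problems.append(f"{name}: backend and range must both be set")
        if "range" in opts:
            low, high = (int(n) for n in opts["range"].split("-"))
            spans.append((low, high, name))
    spans.sort()  # after sorting, any overlap shows up between neighbours
    for (_, high, a), (low, _, b) in zip(spans, spans[1:]):
        if low <= high:
            problems.append(f"ranges of {a} and {b} overlap")
    return problems
```

Run against the quoted configuration, `check_idmap(SAMPLE_CONF)` reports the missing `MYDOMAIN` entry. With a `*` range of 3000-19999, a domain range that starts at 10000 is flagged as overlapping, so one of the two ranges has to be moved.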


